IN THE CLAIMS: 



1 . (Currently Amended) A method of performing encrypted WLAN (Wireless Local 
Area Network) communication, comprising the steps of: 

operating driver software to performing perform a connection set-up for said 
encrypted WLAN communication; and 

operating a WLAN chip to performing perform data frame encapsulation and/or 
decapsulation during said encrypted WLAN communication; 

wherein said connection set-up is performed by executing software-implemented 
instructions of said driver software without exchanging intermediate data with 

said WLAN chip ; and 

wherein said data frame encapsulation and/or decapsulation is performed by 
operating single-purpose hardware of said WLAN chip vyithout executing 
software-implemented instructions of said driver software . 

2. (Original) The method of claim 1 , wherein the step of performing said cormection 
set-up comprises authenticating a WLAN station by another WLAN station and/or 
a WLAN authentication server. 

3. (Original) The method of claim 1, wherein the step of performing said connection 
set-up comprises associating a WLAN station with another WLAN station and/or 
a WLAN access point as WLAN communication counter-parts. 

4. (Original) The method of claim 1, wherein the step of performing said connection 
set-up comprises exchanging cryptographic keys between a WLAN station and 
another WLAN station and/or a WLAN access point. 

5. (Original) The method of claim 1, wherein performing said encrypted WLAN 
communication further comprises obtaining a plurality of data j&ames intended for 
said data frame encapsulation from driver software. 
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6. (Original) The method of claim 5, wherein the step of obtaining the plurality of 
data frames comprises obtaining a plurality of data frames comprising cipher 
information indicating a determining factor for performing the data frame 
encapsulation and/or decapsulation. 

7. (Original) The method of claim 6, wherein said determining factor comprises a 
way in which a data frame intended for the data frame encapsulation is 
fragmented. 

8. (Original) The method of claim 6, wherein said determining factor comprises a 
cipher protocol suitable for performing the data frame encapsulation. 

9. (Original) The method of claim 6, wherein said determining factor comprises a 
cryptographic key suitable for encrypting a data frame. 

10. (Original) The method of claim 5, wherein performing said encrypted WLAN 
communication fiirther comprises selecting one of the plurality of data frames for 
said data frame encapsulation by performing a prioritization algorithm 
implemented on the single-purpose hardware. 

1 1 . (Original) The method of claim 5, wherein the step of performing said data frame 
encapsulation comprises inserting a package number and/or sequence number into 
one of the plurality of data frames. 

12. (Original) The method of claim 5, wherein the step of performing said data frame 
encapsulation comprises encrypting at least part of one of the plurality of data 
frames. 

13. (Original) The method of claim 5, wherein the step of performing said data frame 
encapsulation comprises calculating an integrity value appropriate for verifying 
integrity of one of the plurality of data frames once said data frame decapsulation 
is completed. 

14. (Original) The method of claim 13, wherein the step of performing said data 
frame encapsulation comprises encrypting said integrity value. 
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15. (Original) The method of claim 14, wherein the step of performing said data 
frame encapsulation comprises inserting the encrypted integrity value into one of 
the plurality of data frames. 

16. (Original) The method of claim 1, wherein performing said encrypted WLAN 
communication further comprises receiving a data frame intended for said data 

frame decapsulation from a WLAN station and/or WLAN access point. 

17. (Original) The method of claim 1, wherein the step of performing said data frame 
decapsulation comprises obtaining cipher information indicating a determining 
factor for performing the data frame encapsulation and/or decapsulation from a 
storage unit within the single-purpose hardware. 

18. (Original) The method of claim 17, wherein said determining factor comprises a 
cipher protocol suitable for performing the data frame decapsulation. 

19. (Original) The method of claim 17, wherein said determining factor comprises a 
cryptographic key suitable for decrypting a data frame. 

20. (Original) The method of claim 16, wherein the step of performing said data 
frame decapsulation comprises decrj^ting at least part of the data frame. 

21. (Original) The method of claim 20, wherein the data frame comprises an 
encrypted integrity value appropriate for verifying integrity of the data frame once 

said data frame decapsulation is completed, and the step of decrypting at least part 
of the data frame comprises decrypting the encrypted integrity value. 

22. (Original) The method of claim 21, wherein the step of performing said data 
frame decapsulation further comprises calculating the integrity value from at least 
part of the data frame except the encrypted integrity value. 

23. (Original) The method of claim 22, wherein the step of performing said data 
frame decapsulation further comprises calcvilating an integrity verification value 
indicating a difference between the decrypted integrity value and the calculated 
integrity value. 
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24. (Original) The method of claim 23, wherein the step of performing said data 
frame decapsulation further comprises inserting said integrity verification value 
into the data frame. 

25. (Original) The method of claim 24, wherein performing said encrypted WLAN 
communication further comprises performing counter-measures according to said 
integrity verification value by executing software-implemented instructions, 
wherein said counter-measures are suitable for limiting the amount of information 
available to an illegitimate WLAN protruder. 

26. (Original) The method of claim 1, wherein the step of performing said data frame 
encapsulation and/or decapsulation comprises generating cryptographic data 
suitable for encrypting or decrypting a data fi-ame. 

27. (Original) The method of claim 26, wherein the step of generating cryptographic 
data comprises generating authentication data suitable for encrypting a data frame 
in a manner specific to a WLAN station or decrypting a data frame encrypted in a 
manner specific to a WLAN station. 

28. (Original) The method of claim 1, wherein said encrypted WLAN communication 
is performed based on the IEEE 802.1 11 security standard. 

29. (Original) The method of claim 1 , wherein said encrypted WLAN communication 
is performed in a WLAN based on the IEEE 802. lib standard. 

30. (Original) The method of claim 1, wherein said software-implemented 
instructions are executed on general-purpose hardware by driver software. 

31. (Original) The method of claim 1, wherein said single-purpose hardware is 
operated periodically. 

32. (Original) The method of claim 31, wherein said single-purpose hardware is 
operated periodically at 1 IMHz. 
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33. (Original) The method of claim 31, wherein said data frame encapsulation and/or 
decapsulation is performed according to the TKIP (Temporal Key Integrity 
Protocol) protocol. 

34. (Original) The method of claim 33, wherein the step of performing said data 
frame encapsulation and/or decapsulation comprises performing RC4 (Rivest's 
Cipher 4) encryption and/or decryption. 

35. (Original) The method of claim 34, wherein said RC4 encryption and/or 
decryption is performed by operating at least part of the single-purpose hardware. 

36. (Original) The method of claim 35, wherein said part of the single-purpose 
hardware has a tree structure. 

37. (Original) The method of claim 36, wherein said RC4 encryption and/or 
decryption is performed by operating only a sub-part of the single-purpose 
hardware corresponding to the tree root, part of the tree leaves and the tree 
components intercoimecting the tree root with said part of the tree leaves. 

38. (Original) The method of claim 37, wherein said sub-part of the single-piarpose 
hardware corresponds to the tree root, two of the tree leaves and the tree 
components intercoimecting the tree root with said two of the tree leaves. 

39. (Original) The method of claim 34, wherein the step of performing said RC4 
encryption and/or decryption comprises encrypting or decrypting at least part of a 
data frame comprising bytes, and said RC4 encryption and/or decryption is split 
over at least two operating periods of the single-purpose hardware to encrj^t or 
decrypt one byte of the data frame. 

40. (Original) The method of claim 31, wherein said data frame encapsulation and/or 
decapsulation is performed according to the CCMP (Counter-mode Cipher block 
chaining Message authentication code Protocol) protocol. 
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41. (Original) The method of claim 40, wherein the step of performing said data 
frame encapsulation and/or decapsulation comprises performing CCMP-AES 
(Advanced Encryption Standard) encryption and/or decryption. 

42. (Original) The method of claim 41, wherein the step of performing said CCMP- 
AES encryption and/or decryption comprises encrypting or decrypting at least 
part of a data frame comprising bytes, and said CCMP-AES encryption and/or 
decryption is performed by repeatedly performing a sequence of encryption or 
decryption steps on said part of the data frame. 

43. (Original) The method of claim 42, wherein the step of performing the sequence 
of encryption or decryption steps comprises performing byte substitution using a 
plurality of cryptographic substitution boxes. 

44. (Original) The method of claim 43, wherein the step of performing byte 
substitution on said part of the data frame comprises sequentially performing the 
hyte substitution on a plurality of sub-parts of said part of the data frame. 

45. (Original) The method of claim 42, wherein the step of performing the sequence 
of encryption or decryption steps is split over at least two operating periods of the 
single-purpose hardware. 

46. (Currently Amended) A single-purpose hardware device for performing data 
frame encapsulation and/or decapsulation during encrypted WLAN (Wireless 
Local Area Network) conmiunication, comprising: 

internal hardware components; and 

an interface for communicating with an external hardware component configured 
to perform a connection set-up for the encrypted WLAN communication by 
executing software-implemented instructions of driver software without 
exchanging intermediate data with the single-purpose hardware device ; 

wherein said internal hardware components comprise internal single-purpose 
hardware components for performing configured to perform the data frame 
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encapsulation and/or decapsulation without executing software-implemented 
instructions of said driver software once the connection set-up is completed. 

47. (Original) The single-purpose hardware device of claim 46, wherein said internal 
hardware components further comprise an internal memory for storing data 
frames intended for or resulting from the data frame encapsulation or 
decapsulation. 

48. (Original) The single-purpose hardware device of claim 47, wherein said internal 
memory comprises an arbitration unit for performing memory access control. 

49. (Original) The single-purpose hardware device of claim 47, wherein said internal 
memory comprises a hash memory for storing cipher information indicating a 
determining factor for performing the data frame encapsulation and/or 
decapsulation. 

50. (Original) The single-purpose hardware device of claim 49, wherein said 
determining factor comprises a cipher protocol suitable for performing the data 
frame encapsulation and/or decapsulation. 

51. (Original) The single-purpose hardware device of claim 49, wherein said 
determining factor comprises a cryptographic key suitable for encrypting or 
decrypting a data frame. 

52. (Original) The single-purpose hardware device of claim 47, wherein said internal 
hardware components further comprise a radio transceiver for receiving data 
frames from and/or transmitting data frames to a WLAN station and/or WLAN 
access point. 

53. (Original) The single-purpose hardware device claim 52, wherein said internal 
single-purpose hardware components comprise a cr5^tographic component for 
performing the data frame encapsulation and/or decapsulation and a MAC 
(Mediiom Access Control) component for commimicating with the radio 
transceiver. 
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54. (Original) The single-purpose hardware device of claim 53, wherein said 
cryptographic component and said internal memory are arranged to commimicate 
with each other. 

55. (Original) The single-purpose hardware device of claim 53, wherein said 
cryptographic component and said MAC component are arranged to communicate 
with each other. 

56. (Original) The single-purpose hardware device of claim 53, wherein said MAC 
component and said internal memory are arranged to communicate with each 
other. 

57. (Original) The single-purpose hardware device of claim 53, wherein said internal 
memory is arranged to communicate, over the interface, with the external 
hardware component. 

58. (Original) The single-purpose hardware device of claim 53, wherein said MAC 
component further is for performing a prioritization algorithm for selecting a data 
frame for said data frame encapsidation from a plurality of data frames. 

59. (Original) The single-purpose hardware device of claim 46, wherein at least one 
of said internal single-purpose hardware components is capable of inserting a 
packet number and/or sequence number into a data frame. 

60. (Original) The single-purpose hardware device of claim 46, wherein at least one 
of said internal single-purpose hardware components is capable of generating 
cryptographic data suitable for encrypting or decrypting a data frame. 

61. (Original) The single-purpose hardware device of claim 60, wherein said at least 
one of the internal single-purpose hardware components is capable of generating 
cryptographic data comprising authentication data suitable for encrypting a data 
frame in a maimer specific to a WLAN station or decrypting a data frame 
encrypted in a manner specific to a WLAN station. 
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62. (Original) The single-purpose hardware device of claim 46, wherein said internal 
single-purpose hardware components are for performing the data frame 
encapsulation and/or decapsulation according to the TKIP (Temporal Key 
Integrity Protocol) protocol; 

wherein at least part of the internal single-purpose hardware components further 

is for performing RC4 (Rivest's Cipher 4) encryption and/or decryption; and 

wherein said part of the internal single-purpose hardware components is adapted 
to perform the RC4 encryption and/or decryption on at least part of a data firame 
comprising bytes. 

63. (Original) The single-purpose hardware device of claim 62, wherein said part of 
the internal single-purpose hardware components has a tree structure; and 

wherein said part of the internal single-purpose hardware components is further 
adapted to perform the RC4 encryption and/or decryption on one byte by 
operating only a sub-part of said part of the intemal single-purpose hardware 

components, said sub-part corresponding to the tree root, part of the tree leaves 
and the tree components intercoimecting the tree root with said part of the tree 
leaves. 

64. (Original) The single-purpose hardware device of claim 63, wherein said sub-part 
of said part of the internal single-purpose hardware components corresponds to 
the tree root, two of the tree leaves and the tree components intercoimecting the 
tree root with said two of the tree leaves. 

65. (Original) The single-purpose hardware device of claim 62, wherein said single- 
purpose hardware device is operated periodically; and 

wherein said part of the intemal single-purpose hardware components is adapted 
to perform the RC4 encryption and/or decryption on one byte by splitting the RC4 
encryption and/or decryption over at least two operating periods of said single- 
purpose hardware device. 
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66. (Original) The single-purpose hardware device of claim 46, wherein said internal 
single-purpose hardware components are for performing the data frame 
encapsulation and/or decapsulation according to the CCMP (Counter-mode 
Cipher block chaining Message authentication code Protocol) protocol; 

wherein at least part of the internal single-purpose hardware components further 
is for performing CCMP-AES (Advanced Encryption Standard) encryption and/or 
decryption on at least part of a data frame comprising bytes by repeatedly 
performing on said part of the data frame a sequence of encryption and/or 
decryption steps comprising byte substitution; and 

wherein said part of the internal single-purpose hardware components comprises a 
plurality of cryptographic substitution boxes for performing the byte substitution. 

67. (Original) The single-purpose hardware device of claim 66, wherein said plurality 
of cryptographic substitution boxes is adapted to perform the byte substitution on 
said part of the data frame by sequentially performing the byte substitution on 
sub-parts of said part of the data frame. 

68. (Original) The single-purpose hardware device of claim 66, wherein said single- 
purpose hardware device is operated periodically; and 

wherein said internal single-purpose hardware components are adapted to perform 
the sequence of encryption and/or decryption steps by splitting said sequence over 
at least two operating periods of the single-purpose hardware device. 

69. (Currently Amended) An integrated circuit chip for performing data frame 
encapsulation and/or decapsulation diiring encrypted WLAN (Wireless Local 
Area Network) communication, comprising: 

internal integrated circuits; and 

at least one data bus for communicating with an external CPU (Central Processing 
Unit) configiired to perform a coimection set-up for the encrypted WLAN 
commimication by executing soJEtware-implemented instructions , wherein said 
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connection setup is performed by driver software without exchanging 
intermediate data the integrated circuit chip ; 

wherein said internal integrated circuits comprise internal single-purpose 
integrated circuits for performing configured to perform the data frame 
encapsulation and/or decapsulation without executing software-implemented 
instructions of said driver software once the coimection set-up is completed. 

70. (Cancelled). 

71. (Currently Amended) A computer system for performing encrypted WLAN 
(Wireless Local Area Network) communication, comprising: 

first means for performing a connection set-up for said encrypted WLAN 

communication; and 

second means for performing data frame encapsulation and/or decapsulation 
during said encrypted WLAN communication; 

wherein said first means is for performing the connection set-up by executing 
software-implemented instructions of driver software without exchanging data 
with said second means ; and 

wherein said second means comprises a single-purpose hardware devic e, and 

wherein said second means is configured to perform without executing software- 
implemented instructions of said driver software . 
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